Who has access to your customers’ information?

Do you know who has access to the data your customers entrusted to you? Are you absolutely sure you know? Can you be sure your employees are handling this data properly while working with it? Nowadays many online tools and cloud services help simplify in-team data exchange — but simplification of exchange can lead to complication of data protection.

What can go wrong? In a word, everything. Most problems come down to common mistakes: someone sends corporate data to personal e-mail to work from home; an employee uploads data to a file-sharing service to be able to access it while traveling; the team works with an online version of a document that can be accessed from a direct link; cloud services are misconfigured. According to our recent survey, “Growing businesses safely: Cloud adoption vs. security concerns,” 58% of SMBs use various public-cloud-based business applications to work with customers’ data.

Don’t forget about classic pre-cloud-era mistakes, either. Working with data on unprotected personal mobile devices, or carrying it on removable media that can be lost or stolen, remain popular ways to put customer data at risk. Others include throwing printed copies of that information into the common trash, or allowing unauthorized employees to access it.

Potentially, that data can be used by different parties — competitors, disgruntled employees, cybercriminals — to harm you in a variety of ways such as tarnishing your reputation or holding data for ransom.

Keeping and processing your customers’ data safely requires not only robust protection that extends to the cloud, but also certain internal measures. Businesses that operate in Europe and fall under the jurisdiction of GDPR should already be familiar with the concepts. However, they still need to keep in mind that the information they need to protect is not necessarily limited to “personal data.”

To be sure that the information your clients entrust to you will not fall into the wrong hands, you need to know what data you are working with, which employees have access to it, how it is processed, and how it is disposed of. Get started by:

Creating a list of assets your employees use;

Making a list of the online services your organization uses, and analyzing which of them are critical for your business processes;

Auditing critical services and their settings;

Setting clear guidelines for which data can be moved to the cloud and which must stay internal;


Nikolay Pankov
